Hi, I'm evaluating the application server. It works great, but I have a question about security. I've installed the application server on a Windows 2003 server. On the same server I've configured the gateway server on port 8000. The server is on a LAN, and to grant access from the Internet I've configured a rule on the company firewall. I'd like to use the application server to give access to only two applications, and we don't want users to access the terminal server using a Windows RDP client. So, they use the 2X client and they access the two company applications. Great! But if I start the Microsoft RDP client from the Internet, pointing to port 8000 on the firewall, I get the standard terminal server desktop (I can do the normal Windows logon and access the server). Is it possible to tell the application server or the gateway to give access only to the applications used with the 2X client and to deny access to the classical terminal server using an RDP client like mstsc.exe? Is it possible to tell the gateway to accept connections only from the 2X client software and not from the Microsoft RDP client? Thanks in advance for your help. Luca
The solution would usually consist of exposing only the 2X Gateway and blocking direct access to the Terminal Servers. In this way, the clients can use a 2X Connection (with mode set to Gateway) to connect to the ApplicationServer, but direct RDP connections would not pass through. The solution would roughly be a simplified version of: http://www.2x.com/images/single-farm-solution.jpg
Hi JPC, I've done exactly what you suggest. On the firewall I've exposed only the gateway port (port 8000 in my configuration, not port 3389). The 2X client is configured to use the gateway and it works. But if I start the Microsoft RDP client (mstsc.exe) on my PC using the same address used by the 2X client (firewall:8000), I get the connection to the Windows 2003 server. It seems the 2X gateway is working to grant access not only to 2X clients, but even to the RDP service. Is there a way to disable this function? Luca
Hi JPC, I've done exactly what you suggest. I've exposed only the gateway port (8000 in my configuration). But if I use the Microsoft RDP client (mstsc.exe) using the same address used by the 2X client (firewall:8000), the gateway gives mstsc.exe full access to the Windows server desktop. Is there a way to configure the gateway to serve only the 2X client and disable the "normal" RDP service? Thanks, Luca
This is the solution: In the 2X console > Load Balancing > tunneling policy > highlight default > properties > choose none in the lower left corner. This will disable native MSTSC from tunneling to the TS.
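To confirm the tunneling-policy change from outside the firewall, the following check (an added example, not part of the original thread and not 2X tooling) sends the first packet a native RDP client sends and reports whether the port answers as RDP. The function names and result labels are assumptions made for this example; the thread does not say how the gateway reacts once native tunneling is disabled, so any reply other than an X.224 Connection Confirm is simply reported as not RDP.

```python
import socket
import struct
import sys


def build_connection_request(requested_protocols=0):
    """TPKT + X.224 Connection Request, the first packet mstsc.exe sends.

    requested_protocols=0 asks for standard RDP security (no TLS/NLA).
    """
    # RDP negotiation request: type 0x01, flags 0, length 8, protocols (little-endian)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR header: length indicator, CR code 0xE0, dst-ref, src-ref, class
    x224 = struct.pack("!BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    # TPKT header: version 3, reserved, total length (big-endian)
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224


def classify_reply(data):
    """Return 'rdp' for an X.224 Connection Confirm, else 'other' or 'no-reply'."""
    if not data:
        return "no-reply"
    # TPKT version 3, then the X.224 code byte at offset 5; 0xD0 = Connection Confirm
    if len(data) >= 7 and data[0] == 3 and (data[5] & 0xF0) == 0xD0:
        return "rdp"
    return "other"


def probe(host, port, timeout=5.0):
    """Send the request to host:port and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_connection_request())
            return classify_reply(sock.recv(1024))
    except OSError:  # refused, reset or timed out
        return "no-reply"


if __name__ == "__main__":
    # Usage: python check_gateway.py <firewall-address> 8000
    host, port = sys.argv[1], int(sys.argv[2])
    result = probe(host, port)
    print(f"{host}:{port} -> {result}")
    # Exit non-zero while the port still completes a native RDP handshake
    sys.exit(1 if result == "rdp" else 0)
```

Run it against the published gateway address before and after setting the tunneling policy to none; the 2X client should still connect in both cases.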